General

  • Target

    3ff3ac0b64ae52ce2f5ff8b8d1486990_NeikiAnalytics.exe

  • Size

    716KB

  • Sample

    240522-1avjbshe55

  • MD5

    3ff3ac0b64ae52ce2f5ff8b8d1486990

  • SHA1

    680074a7d322383e86abade5bb4314ac61668d01

  • SHA256

    3bbac084cc8aad94b3d334fb9ec4b18e46ff0ad8176d7e938121f501f55eaebd

  • SHA512

    aef1a6d10611d1c4a1c4fd924b0382d5ed437d5527fd70896eda7c7f63a7ff30cba6b4da86b1f48c388e77d9d0b1452f7c35fdc283707699c940235361700a49

  • SSDEEP

    12288:bWET/mr9KSYo5SeSXUkqhccuxAru9SXR2XC18Sli+y:bWt7zJkqucums0Eti

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      3ff3ac0b64ae52ce2f5ff8b8d1486990_NeikiAnalytics.exe

    • Size

      716KB

    • MD5

      3ff3ac0b64ae52ce2f5ff8b8d1486990

    • SHA1

      680074a7d322383e86abade5bb4314ac61668d01

    • SHA256

      3bbac084cc8aad94b3d334fb9ec4b18e46ff0ad8176d7e938121f501f55eaebd

    • SHA512

      aef1a6d10611d1c4a1c4fd924b0382d5ed437d5527fd70896eda7c7f63a7ff30cba6b4da86b1f48c388e77d9d0b1452f7c35fdc283707699c940235361700a49

    • SSDEEP

      12288:bWET/mr9KSYo5SeSXUkqhccuxAru9SXR2XC18Sli+y:bWt7zJkqucums0Eti

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, written in Visual Basic .NET.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload is not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address, which is typically included in the exfiltrated report.

    • Suspicious use of SetThreadContext

      Calls SetThreadContext, a Win32 API commonly used during process hollowing to point the main thread of a suspended child process at injected code.
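The three behavioural signatures above (PowerShell adding Defender exclusions, the registry country-code lookup, and the external-IP web lookup) can be reproduced as simple detection logic over sandbox-style events. The following is an added example written for this page; it is not Triage's signature code and was not taken from the sample. The events, the `SAMPLE_EVENTS` list, and the `IP_LOOKUP_HOSTS` list of lookup services are constructed and assumed for illustration; the command-line parsing also handles PowerShell's `-EncodedCommand` form, which the report text does not mention.

```python
"""Flag the AgentTesla-style behaviours listed in the report over constructed
sandbox-style events (added example; not Triage code and not from the sample)."""
import base64
import re

# Constructed events in the shape a sandbox records (process creation with its
# command line, registry read, DNS query). None of these come from the sample.
_ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionExtension ".scr"'.encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -WindowStyle Hidden -Command Add-MpPreference '
                r'-ExclusionPath "C:\Users\victim\AppData\Roaming" '
                r'-ExclusionExtension ".exe" -ExclusionProcess "svchost.exe"'},
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "dns", "hostname": "api.ipify.org"},
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell -nop -w hidden -enc {_ENCODED}"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},
    {"type": "dns", "hostname": "www.microsoft.com"},
]

EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")

# Assumed, non-exhaustive list of public "what is my IP" services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.dyndns.org",
                   "icanhazip.com", "ifconfig.me", "ip-api.com"}


def _expand_encoded(cmdline: str) -> str:
    """Append the decoded payload of -EncodedCommand/-enc/-ec/-e (base64 of
    UTF-16LE) so the exclusion parser sees it; leave the line alone otherwise."""
    m = re.search(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)",
                  cmdline, re.IGNORECASE)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline + " " + decoded


def defender_exclusions(cmdline: str) -> dict:
    """Return {param: [values]} for Defender exclusions added via
    Add-MpPreference / Set-MpPreference, or {} if the command line is benign."""
    text = _expand_encoded(cmdline)
    if not re.search(r"\b(Add|Set)-MpPreference\b", text, re.IGNORECASE):
        return {}
    found = {}
    for param in EXCLUSION_PARAMS:
        # Value runs until the next "-Parameter" or end of line; it may be
        # quoted and may be a comma-separated list.
        m = re.search(rf"-{param}\s+(.+?)(?=\s+-\w|\s*$)", text, re.IGNORECASE)
        if m:
            values = [v.strip().strip("\"'") for v in m.group(1).split(",")]
            found[param] = [v for v in values if v]
    return found


def is_geofence_lookup(key: str) -> bool:
    """True for reads of the configured country code under
    Control Panel\\International\\Geo (Nation or Name)."""
    return re.search(r"\\Control Panel\\International\\Geo\\(Nation|Name)$",
                     key, re.IGNORECASE) is not None


def is_external_ip_lookup(hostname: str) -> bool:
    """True if the queried host is (a subdomain of) a known IP lookup service."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in IP_LOOKUP_HOSTS)


def triage(events) -> list:
    """Map each event onto the report's signature names; returns (name, detail)."""
    hits = []
    for ev in events:
        if ev["type"] == "process":
            excl = defender_exclusions(ev.get("cmdline", ""))
            if excl:
                hits.append(("Command and Scripting Interpreter: PowerShell", excl))
        elif ev["type"] == "registry_read" and is_geofence_lookup(ev["key"]):
            hits.append(("Checks computer location settings", ev["key"]))
        elif ev["type"] == "dns" and is_external_ip_lookup(ev["hostname"]):
            hits.append(("Looks up external IP address via web service", ev["hostname"]))
    return hits


if __name__ == "__main__":
    for name, detail in triage(SAMPLE_EVENTS):
        print(f"{name}: {detail}")
```

In a real pipeline the same functions would be fed from Sysmon process-creation, registry and DNS events (or the sandbox's own JSON), and the exclusion values returned by `defender_exclusions` are the paths and processes worth pivoting on for the dropped payload.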

MITRE ATT&CK Enterprise v15

Tasks